Type
Campaign
Actors
Funnull
Pub. date
June 25, 2024
Initial access
Insider threat, Supply chain vector
Impact
Supply chain attack, Defacement
References
https://sansec.io/research/polyfill-supply-chain-attack
https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/
https://twitter.com/malwrhunterteam/status/1806593621711286503
Status
Finalized
Last edited
Aug 26, 2025 7:09 AM
A Chinese company named Funnull acquired the Polyfill domain and GitHub repo, and inserted malware into polyfill.js that redirected users to gambling websites. Further pivoting revealed that Funnull had exposed a Cloudflare API key that linked the company to several CDN providers that were also serving malicious scripts.